Date: Tue, 25 Aug 2015 15:22:30 +0100
Subject: Re: Blocking SSH access based on bad logins?
From: krad
To: Matt Smith, Reko Turja, Jaime Kikpole, FreeBSD Questions

It's true moving the port will help, as most of the stuff that hits you will be automated scans. Fail2ban also works well in my experience. However, proper firewall ACLs and disabling password-based auth is a better way to go, but none of these things are mutually exclusive. Remember, security is like an onion.

On 25 August 2015 at 14:52, Matt Smith wrote:

> On Aug 25 16:29, Reko Turja wrote:
>
>> IMO switching SSH port is security by obscurity, determined attacker will
>> eventually find the altered port if so inclined.
>
> I agree that it is security by obscurity but when I ran SSH on port 22 it
> was syslogging at least several hundred login attempts every day, currently
> I run it on port 422 and it's never had one single login attempt that
> wasn't myself. Obviously you have to make sure it's also secure regardless
> which I do by requiring that the login is either with a key, or if with a
> password it also requires a one-time-password 6 digit code read from an app
> on my phone.
>
> So if all the login attempts bother you, moving the port certainly works.
> Just make sure you also keep it secure in other ways.
>
> --
> Matt
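The thread's subject, blocking on bad logins, comes down to counting failed attempts per source address inside a time window, which is the kind of check a tool such as Fail2ban automates. The sketch below is an added example, not part of the original messages and not Fail2ban's own code; the log lines are constructed, and the names `offenders`, `max_retry`, `find_time` and `year` are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the syslog format sshd writes to auth.log.
# Addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Aug 25 14:00:01 host sshd[911]: Failed password for invalid user admin from 203.0.113.5 port 40001 ssh2
Aug 25 14:00:09 host sshd[912]: Failed password for root from 203.0.113.5 port 40002 ssh2
Aug 25 14:00:15 host sshd[913]: Failed password for matt from 198.51.100.7 port 52000 ssh2
Aug 25 14:00:20 host sshd[914]: Accepted publickey for matt from 198.51.100.7 port 52001 ssh2
Aug 25 14:00:31 host sshd[915]: Failed password for invalid user test from 203.0.113.5 port 40003 ssh2
Aug 25 14:25:00 host sshd[916]: Failed password for root from 192.0.2.44 port 33000 ssh2
Aug 25 14:40:00 host sshd[917]: Failed password for root from 192.0.2.44 port 33001 ssh2
Aug 25 14:55:00 host sshd[918]: Failed password for root from 192.0.2.44 port 33002 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

def offenders(log_text, max_retry=3, find_time=timedelta(minutes=10), year=2015):
    """Return {ip: time of the failure that crossed the threshold}."""
    recent = defaultdict(deque)   # ip -> failure times still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue              # accepted logins and other messages are skipped
        ip = m["ip"]
        # syslog timestamps carry no year, so one is supplied (assumed) here
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[ip]
        window.append(when)
        while when - window[0] > find_time:
            window.popleft()      # forget failures older than the window
        if len(window) >= max_retry and ip not in flagged:
            flagged[ip] = when
    return flagged

if __name__ == "__main__":
    for ip, when in offenders(SAMPLE_LOG).items():
        print(f"{when:%b %d %H:%M:%S} block candidate: {ip}")
```

On the sample, only the burst from 203.0.113.5 is flagged; the source that spaces its attempts 15 minutes apart stays under the default window, which is why this kind of counting complements key-only authentication and firewall ACLs rather than replacing them.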